Twitter in a statement apologised to users for unintentionally using the email addresses and phone numbers they provided for account security to enable targeted advertising.
The social network blames it on third-party marketers whom they think may have been able to target specific users on Twitter based of their data without their consent. Twitter said in a statement that “it cannot say with certainty how many people were impacted,” even though it’s likely that users globally may have been affected.
Unlike what Facebook had done after the Cambridge Analytica saga, Twitter is not proactively contacting customers to inform them of the privacy breach; neither did it say when it was first discovered. It said however, that it had addressed the problem on September 17- 21 days ago.
To further address the breach, the firm said it was no longer using phone numbers and email addresses for safety and security reasons. The firm says it is communicating with regulators but is yet to inform users of the data breach. Meanwhile, under Europe’s General Data Protection Regulation (GDPR), users must be notified if data is used for a purpose other than what it was intended for.
The Social network currently has 139 million active subscribers that use the site daily and are served with adverts.
Big techs, including Facebook, Google and Twitter have faced backlash from users and regulators globally concerning how their platforms handle user data. Twitter said when advertisers uploaded their marketing list, it may have matched existing ones owned by people subscribed to their platform, insisting that it didn’t share user data with third party advertising firms.
“This was an error and we apologise,” the company said in a blog post.
This practice of matching emails with an existing database is a common practice across social media platforms which allows targeted advertisement designed to reach users who are likely already familiar with the brand or product.
However, Twitter revealed in its statement on Tuesday that the email matching included addresses that had been submitted by users for the purpose of enhancing their security by adding the two-factor authentication- a method that allows a higher level of security to prevent hackers from gaining access to use a person’s credentials.
“When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes,” the company explained.
The US Federal Trade Commission asked Facebook to stop using the phone numbers it obtained from people who wanted to enhance their security by adding the two-factor authentication for ad purposes, after it handed its record-breaking $5bn fine.